Tagged: Cybersecurity

WannaCry Ransomware paved the way by showing how to quickly spread across the Global Internet. It focused on on a vulnerability with Windows SMB which had been there for years and only exploited by Nation State employed Hackers.

It is basically a Worm which was first spread by malicious XL spreadsheets. Once on a network it stays in memory and as such is no so easy to detect and protect against. It looks like it is also focusing on the Windows SMB protocol and the Ports which support SMB.No wonder the focus on SMB as Petya use EternalBlue code as did WannaCry

My big fear is that Banks and Financial Institution had been targeted by Petya Ransomware. If it infects a large number of Banks then we could possibly see a Major Banking Crisis. It might be an idea to keep some cash on hand, in a safe place. Because it operates as Worm Code it is hard to detect and eliminate.

I will prepare a full review later this week. In the meantime the following are links which will shed light on what is happening. Some of the protective measures which stopped WannaCry Ransomware in it’s tracks, like disabling SMB ports, could also work to stop or slow the spread of Petya Ransomware.

Michael “MafiaBoy” Calce was just 15 years old. During his Exploit days, prior to being arrested, he had taken down the websites of some of the largest companies in the world, causing an estimated $1.7 billion in losses. He realized the depth of what he had done, after watching a news program where then President Clinton spoke about what “Mafiaboy” had done.

This video: “Rivolta: Inside the Mind of Canada’s Most Notorious Hacker” was produced by HP Canada. “Rivolta” was directed by Hubert Davis.

In one way this young person was extremely curious and yet his educators did not pick-up on that, so he sought out info elsewhere. In one part of the video, Michael Calce talked about taking a computer programming class in Pascal, but showed his instructor that he could code the course examples in far more powerful and complex “C Language“.

How many other genius kids who have the inner desire to learn, are also being missed by their Educators? Yes, this video is about the Exploits of a 15-year-old“Elite” Hacker, but it is also about an Educational System which in my opinion failed this young lad.

Adrien Guinet, a French security researcher Adrien Guinet has created a software tool called “WannaKey” that “may” decrypt the files which were encrypted by WannaCry Ransomware. So if you are lucky and have not rebooted the infected computer you “MAY” be able to unencrypt your files without having to pay the Ransom fee.

When WannaCry encrypts your files, it creates a Private Key which is used to create the decrypt key. Then the Private key is erased. On older Windows systems the erase does not remove the data from memory. So if you are lucky and you have “not” rebooted the PC then there is a chance that WannaKey could recover the Private key, because it is still held in the system memory.

Once you have the Private Key then you can use a different program developed by Benjamin Delpycalled wanakiwi to decrypt the files on the WannaCry encrypted PC.

The key point to remember is that the above process “MAY’ work. The Computer which was encrypted by WannaCry Ransomware, must “NOT” have been rebooted. Any files to download would be done using a different computer and then run on the encrypted PC via a USB flash Drive. The WannaCry code did issue the command to erase the Private Key but the bug in older Windows Operating Systems is that Private Key has not been erased from the computer’s main memory. With a bit of luck, you may be able to decrypt your WannaCry encrypted PC. Note there is no guarantee that this will work. If you are unsure how to go about this, then get a computer professional to help you.

Disclaimer: Everything in the post above is subject to change without notice. There could be unintentional errors. Please confirm all info via the linked to websites and web pages. Best Practice is to also always create daily backups. If you try to decrypt a WannaCry encrypted personal computer or server, you do so at your own risk. There is no guarantee that the above info will be successful in decrypting the files.

WannaCry Ransomware seems to have appeared out of the blue. Because of it thousands of people have searched the internet to find out how to disable SMB on their Microsoft Windows based Servers and Workstations and Personal Computers. Thousands had dropped by Uniquely Toronto to read out posts which provided details on ways to disable SMB v1.0.

Now Adylkuzz is running another major attack which is underway and uses the SMB vulnerability in Windows.

“US-CERT cautions users and administrators that disabling or blocking SMB may create problems by obstructing access to shared files, data, or devices. The benefits of mitigation should be weighed against potential disruptions to users. For more information on SMB, please review Microsoft Security Advisories 2696547 (link is external) and 204279 (link is external).”

Disclaimer: Everything in the post above is subject to change without notice. There could be unintentional errors. Please confirm all info via the linked to websites and web pages. Please install the Microsoft Windows MS17-010 Security Update (see link above). Best Practice is to also always create daily backups

WannaCry Ransomware is continuing the spread around the globe. Some have even called it the start of a CyberWar. Russian President Putin is apparently blaming the U.S. for creating the tool set. Microsoft is apparently pointing that it is the stolen software tools from the N.S.A (National Security Agency).

The following is a paragraph from Brad Smith’s post:
“All of this provides the broadest example yet of so-called “ransomware,” which is only one type of cyberattack. Unfortunately, consumers and business leaders have become familiar with terms like “zero day” and “phishing” that are part of the broad array of tools used to attack individuals and infrastructure. We take every single cyberattack on a Windows system seriously, and we’ve been working around the clock since Friday to help all our customers who have been affected by this incident. This included a decision to take additional steps to assist users with older systems that are no longer supported. Clearly, responding to this attack and helping those affected needs to be our most immediate priority.“

Kudos go out to Microsoft for providing the Security Update for Windows XP:

The recent DOD ‘Hack the Pentagon’ contest was a success. That contest was limited to US based Cyber Security enthusiasts. The United States Air Force “Hack the Air Force” contest, will be expanding the opportunity to join in the contest by allowing individuals and groups from the following countries to also participate (in addition to US Citizens): United Kingdom, Canada, Australia and New Zealand.

This sounds like a great move by the Department of Defence and the US Air Force. The prior “hack the Pentagon” contest was a great success. This new Hack the Air Force contest will allow non-US based CyberSecurity Talent to participate. The more people joining the contest the more Security Vulnerabilities I suspect will be found.

Registration for the ‘Hack the Air Force’ event opens May 15 on the HackerOne website. The contest opens May 30 and ends June 23. Military members and government civilians are not eligible for compensation but can participate on-duty with supervisor approval. Mark your calendars and make sure that you register starting on May

Mark your calendars and make sure that you register starting on May 15 2017.

Last year I had posted about Kaspersky Lab reporting about a Bank exploit, where Russian Banks were targeted. Basically the Hackers were able to get Bank Accounting Staff to connect to a site where a keylogger and other Trojan Remote Control software was secretly uploaded and installed into “system RAM“, but not onto the Hard Disk or Network Storage. That allowed their remote control software (called Lurk) to be overlooked by Security Software, because Security Software usually scans stored files and not RAM. Once installed, the hackers could monitor the employees. When the employee went for lunch, they took over the PC and started to transfer funds around the world.

Earlier this year, Russian Authorities had arrested over 50 alleged Hackers who were alleged to be part of the group which targeted and Hacked into the Banks. The investigation into this group’s activities had been ongoing for years (at least since 2013). The Cisco Talos Security Webinar discussed the arrests and the aftermath. Cisco’s research seems to indicate that the same group was involved in other Internet Exploits. One of which was the Angler Ransomware.

Since the Russian arrests, certain malware has disappeared, along with certain DarkNet sites and BotNets. The Russian Authorities made the Internet a tad safer, at least for a short while.

Disclaimer: Any Trademarks mentioned in this post are owned by the respective Trademark owner. There could be unintentional errors or omissions in this post. Always refer to the official sites to confirm details and any ongoing changes or updates. This post is subject to change without notice.

Disclaimer: Any Trademarks mentioned in this post are owned by the respective Trademark owner. There could be unintentional errors or omissions in this post. Always refer to the official sites to confirm details and any ongoing changes or updates. This post is subject to change without notice. Any offers mentioned in this post are also subject to change without notice.

The Cybersecurity Researchers at Zscaler Inc have posted a new finding of a Fake Google Chrome Update which installs Malware. The only way to get rid of the Android Infostealer Malware is to reset the Android Phone to factory settings (thus wiping claen).

Disclaimer: Any Trademarks mentioned in this post are owned by the respective Trademark owner. There could be unintentional errors or omissions in this post. Always refer to the official sites to confirm details and any ongoing changes or updates. This post is subject to change without notice.

When we think about surfing the Internet, most people are looking at just the top of the network iceberg. When in fact, the web actually holds a “Deep Web,” hidden from everyday users and ordinary browsers. This is due to the Deep Web continuously encrypting …

Disclaimer: Any Trademarks mentioned in this post are owned by the respective Trademark owner. There could be unintentional errors or omissions in this post. Always refer to the official sites to confirm details and any ongoing changes or updates. This post is subject to change without notice.

“Palo Alto Networks reported the ransomware issue to the Transmission Project and to Apple on March 4. Apple has since revoked the abused certificate and updated XProtect antivirus signature, and Transmission Project has removed the malicious installers from its website.

Everyone running 2.90 on OS X should immediately upgrade to and run 2.92, as they may have downloaded a malware-infected file. This new version will make sure that the “OSX.KeRanger.A” ransomware (more information available here) is correctly removed from your computer.

Users of 2.91 should also immediately upgrade to and run 2.92. Even though 2.91 was never infected, it did not automatically remove the malware-infected file.

Disclaimer: Any Trademarks mentioned in this post are owned by the respective Trademark owner. There could be unintentional errors or omissions in this post. Always refer to the official sites to confirm details and any ongoing changes or updates. This post is subject to change without notice. Any offers mentioned in this post are also subject to change without notice.

Disclaimer: Any Trademarks mentioned in this post are owned by the respective Trademark owner. There could be unintentional errors or omissions in this post. Always refer to the official sites to confirm details and any ongoing changes or updates. This post is subject to change without notice.

Kaspersky Lab Experts referred to the Equation group as the “God” or the “Death Star” of Malware. Part of the huge arsenal of code which the Equation group has been developing over what looks like decades is “nls_933w.dll“. “It allows them to reprogram the hard drive firmware of over a dozen different hard drive brands“.

Once “nls_933w.dll“ installs the Malware into the Hard Disk’s firmware, there is no way to remove it. Repartitioning will not affect it. Reformatting has no effect. The only way to get rid of this Malware from the targeted computer, is to physically destroy the Hard Disk.

Kaspersky Lab goes on to report that the Equation group seems to have existed long before the Stuxnet group.

The word “Elite” is part of the lexicon of Hackers. The Equation group therefore can be called the Elite of the Elite of the Elite of the Elite of the Elite and so on of Uber Hackers. To be able to hack and modify a Hard Drive’s firmware is unheard of. To be able to do so for Hard Drives of over a dozen different brands is insanely impossible. Yet the Equation group did it and very likely much more, that has yet to come to light. In comparison, this makes things likethe REGIN Malware group’s incredible capabilities seem like no big deal.

Disclaimer: Any Trademarks mentioned in this post are owned by the respective Trademark owner. There could be unintentional errors or omissions in this post. Always refer to the official sites to confirm details and any ongoing changes or updates. This post is subject to change without notice.

Disclaimer: Any Trademarks mentioned in this post are owned by the respective Trademark owner. There could be unintentional errors or omissions in this post. Always refer to the official sites to confirm details and any ongoing changes or updates. This post is subject to change without notice.

This is a further update to our prior post about the breaking news of a major Cyber Bank Heist.
The amount supposedly stolen from assorted banks around the globe is now being published to be around $1 Billion Dollars.

I have had many arguments about security software. One group especially got me going because to them Norton Security was the end all and be all. I finally got their so-called Tech to admit that to him Norton Security was the best because it had the largest market share. That’s like saying that GM automobiles are better than Rolls Royce automobiles because GM has a larger market share.

The report on what Kasperky Lab had determined about the Cyber Bank Heist will be made public on Monday Feb 16.

Supposedly ATMs were instructed by the Hackers to dispense money at specific times.

Account balances were supposedly inflated and then the inflated amounts were transferred to Bank Accounts setup by the Hackers.

In the New York Times article it seems that Kaspersky Lab had supposedly seen evidence of hundreds of millions of dollars in supposed theft. The article implied that the Cyber Security Experts at Kaspersky Lab think that the sums stolen could possibly be multiple times more.

I will keep watching for the official Kaspersky Lab report on Monday. Till then you can learn more about this by visiting some of the links below.

I will continue to post about this as more is learned – most likely when that Kaspersky Lab report is released on Monday Feb 16 2015.

Posted by: Vincent Banial

Disclaimer: Any Trademarks mentioned in this post are owned by the respective Trademark owner. There could be unintentional errors or omissions in this post. Always refer to the official sites to confirm details and any ongoing changes or updates. This post is subject to change without notice.

Copyright

If a specific photo is not our own, we will include a Photo Credit just below the photograph in the Caption area. Any such photos are either in the Public Domain, carry a Creative Commons license for Free use or are used with permission granted by said Copyright Holder.

Videos are linked to only when the originating Video site permits us to do so. The vast majority of linked to videos found on this site are courtesy of YouTube and assorted YouTube Channels.

Affiliations & Disclaimer

Uniquely Toronto and this blogsite are not affiliated with the City of Toronto, in any way.

The City of Toronto does "not" sponsor or endorse the Uniquely Toronto blog, or the Photos and Blog Posts found here.

****************
DISCLAIMER:
****************
All the articles on this site are for entertainment, educational and commentary purposes only, and as such are protected by Laws governing Free Speech. They are not intended to provide, nor replace, medical, health, legal, financial or other professional advice. Each person visiting our site must do their own Due Diligence and always speak with their own Licensed Medical and or Licensed Financial Professional.

In 2017 I have started to post about Medical Cannabis. FDA Disclaimer: The statements on this site have not been evaluated by the US FDA and are not intended to diagnose, treat, cure or prevent any disease.

Your Licensed Medical Doctor must be consulted before
starting any form of treatment.

The information which is posted on the Uniquely Toronto blog should NEVER be considered as being professional medical advice. Vincent Banial is not a Licensed Medical Doctor. As was mentioned earlier in this Disclaimer, all the articles on this site are for entertainment, educational and commentary purposes only.

Anything posted on this Blog is subject to change without notice. I report on events over which I have no control. Stuff happens and things are always subject to change without notice (like life itself).

No endorsement of products and services found in our photos or mentioned in our blog posts is either expressed or implied.

Blog posts may contain unintentional errors and or omissions. Please inform me of any errors that you may find on the blog. Our email address is at the top of the blog.

All posts are for entertainment, educational and commentary purposes only, and as such are protected by Laws governing Free Speech.

Trademarks

Product names, brands, logos and any other trademarks found in our Photos or referred to within our Blog posts, are the property of their respective trademark holders. Any Trademarks found and are not used here for commercial purposes. The trademark owners are not affiliated with Vincent Banial, or the Uniquely Toronto blog, or the Uniquely Tech blog, or the Unique F-Stop blog, or the CLiK CLiK Vic photo site. The trademark owners do "not" sponsor or endorse our Photos or Blog Posts

Published under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International (CC BY-NC-ND 4.0 license

The licensor cannot revoke these freedoms as long as you follow the license terms.

Under the following terms:

Attribution — You must give appropriate credit to Vincent Banial, provide a link back to https://uniquelytoronto.wordpress.com, provide a link to the license, and indicate if changes were made. You may do so in any reasonable manner, but not in any way that suggests the licensor endorses you or your use.

NonCommercial — You may not use the material for commercial purposes.

NoDerivatives — If you remix, transform, or build upon the material, you may not distribute the modified material.

No additional restrictions — You may not apply legal terms or technological measures that legally restrict others from doing anything the license permits.

Notices:

You do not have to comply with the license for elements of the material in the public domain or where your use is permitted by an applicable exception or limitation.

No warranties are given. The license may not give you all of the permissions necessary for your intended use. For example, other rights such as publicity, privacy, or moral rights may limit how you use the material.